The attack on the National Republican Congressional Committee, the main group that works to elect Republicans to the US House of Representatives, allowed the person or group responsible to monitor the aides’ email accounts for several months, Politico said. The intrusion was detected in April by a managed security services provider the NRCC had retained to monitor the security of its network.

In a statement, CrowdStrike officials wrote: "In April 2018, CrowdStrike was asked by the NRCC to perform an investigation related to unauthorized access to NRCC’s emails. Prior to the incident, CrowdStrike was helping to protect NRCC’s internal corporate network, which was not compromised in this incident."

A person with direct knowledge of the NRCC investigation said the attack was significantly more limited than the one that hit the DNC in 2016. Unlike the DNC hack, it didn’t involve malware or any intrusion onto the committee’s internal network.

“This was not like the DNC case, where the network was breached,” said the person, who spoke on condition of anonymity because he wasn’t authorized to speak publicly. “The issue at hand only involves unauthorized access to a handful of email accounts that were hosted by a cloud email service provider. The actors were able to get a password to the email inbox of a handful of users and as a result access those emails.”

It wasn’t clear if the breached email accounts were protected by multifactor authentication, which is offered by cloud email services from both Google and Microsoft. The measure is a highly effective way to prevent unauthorized access to accounts, because it requires attackers not only to steal a password but—at a minimum—also obtain a short-lived, one-time password generated by a phone app. An even more effective form of MFA offered by Gmail, known as the Advanced Protection Program, would require attackers to steal a physical security key that must be connected to the device connecting to the account.

Despite the NRCC hack being discovered in April, senior House Republicans—including House Speaker Paul Ryan, House Majority Leader Kevin McCarthy, and Majority Whip Steve Scalise—were only informed of it on Monday. That’s when Politico contacted the NRCC with questions about the intrusions, Tuesday’s report said. Rank-and-file House Republicans were also unaware of it. So far, little is publicly known about the people behind the intrusions, including whether they are working on behalf of a government.